To use JSON in cryptographic situations, it should be represented in an exactly reproducible format, i.e. canonical form.
Can the Export to XML/JSON always create this canonical form. Functional there is no difference with the current export, but then it can be used in digital signing.
An alternative is to do this in Java, but why do this unnecessary extra step if it is available in the export activity.
It could always export in canonical form; the current output criteria is not described anyway.
I did not analyse the ordering closely, but I cannot see a correlation between form and domain model ordering. Beware that keys of attributes and associations can be redefined in the message definition and thus have impact on ordering.
We solved it with extra customized Java coding, because the JSON framework Mendix is using, does not contain canonical form out-of-the-box.
I see. If the export mapping had an option to create the canonical form it would reorder the entries in lexicographical ordering.
Alternatively, you could use a JSON structure that is in lexicographical ordering. That would result in the output being in that order as well, right?
In short according to IETF the canonical form is defined by the following rules:
Lexicographical ordening is missing.
In what way(s) is the current result of an export to json not in canonical form?